[CentOS] syslog-ng

Fri Aug 29 21:24:26 UTC 2008
Timothy Selivanow <timothy.selivanow at virtualxistenz.com>

On Fri, 2008-08-29 at 11:00 -0700, Aleksey Tsalolikhin wrote:
> On 8/29/08, Mag Gam <magawake at gmail.com> wrote:
> > Hello,
> >
> > I know CentOS does not use syslog-ng, but I have installed it at my
> > university. My intention is if a particular string appears in my
> > /var/log/messages I would like to get an email alert.
> Check out SWATCH:   http://swatch.sourceforge.net/

Expanding on that, here is a way that I know works in CentOS 5:

In syslog-ng.conf add the following or similar 'destination':

destination d_swatch {
    program("/usr/bin/swatch --config-file=/etc/swatch.conf --script-dir=/var/run/swatch --read-pipe=\"cat /dev/fd/0\"");
};

I got that from http://www.campin.net/syslog-ng/faq.html a long time